Re: [nvo3] Fwd: DRAFT Charter Update for Discussion

Osama Zia <osamaz@microsoft.com> Fri, 15 August 2014 19:36 UTC

From: Osama Zia <osamaz@microsoft.com>
To: Xuxiaohu <xuxiaohu@huawei.com>, "Larry Kreeger (kreeger)" <kreeger@cisco.com>, Benson Schliesser <bensons@queuefull.net>, Linda Dunbar <linda.dunbar@huawei.com>
Date: Fri, 15 Aug 2014 19:36:45 +0000
Archived-At: http://mailarchive.ietf.org/arch/msg/nvo3/FUmfBZPmjrwVNL6QnwKxD3Xs1yg
Cc: "nvo3@ietf.org" <nvo3@ietf.org>
Subject: Re: [nvo3] Fwd: DRAFT Charter Update for Discussion

Hi,

 

I will copy the definition of VN from
http://tools.ietf.org/id/draft-ietf-nvo3-framework-09.txt

 

Virtual Network (VN): A VN is a logical abstraction of a physical
   network that provides L2 or L3 network services to a set of Tenant
   Systems. A VN is also known as a Closed User Group (CUG).

 

I think the difference between VN and VPN is the context. For example, I
have not come across a definition of VPN in the context of abstraction. I would
agree to use VN instead of VPN. This will also be consistent with the
terminology in other drafts.

 

Regards,

Osama

 

From: nvo3 [mailto:nvo3-bounces@ietf.org] On Behalf Of Xuxiaohu
Sent: Thursday, August 14, 2014 8:17 PM
To: Larry Kreeger (kreeger); Benson Schliesser; Linda Dunbar
Cc: nvo3@ietf.org
Subject: Re: [nvo3] Fwd: DRAFT Charter Update for Discussion

 

Hi Larry,

 

IMO, DCVPN is just a particular VPN which is deployed in the DC environment
and may have some special requirements on the VPN technologies. The
perception that the MPLS-based VPN technology should only be used over the
WAN or the Internet is mistaken and therefore should be corrected. Could you
please explain the technical reasons why the MPLS-based VPN technologies
could not be deployed within the DC? Could you please explain why the
MPLS-over-IP based encapsulations could not be used within the DC?

 

Best regards,

Xiaohu

 

From: Larry Kreeger (kreeger) [mailto:kreeger@cisco.com] 
Sent: Friday, August 15, 2014 10:57 AM
To: Xuxiaohu; Benson Schliesser; Linda Dunbar
Cc: nvo3@ietf.org
Subject: Re: [nvo3] Fwd: DRAFT Charter Update for Discussion

 

Hi Xiaohu,

 

An NVO3 VN is not an IPSec VPN nor an SSL VPN either.  All the types of VPNs
you mention are typically used over the WAN/Internet and/or involve
encryption for privacy of the internet.  I use a VPN to connect into my
company from my home.  The company end of the VPN is probably located in a
data center.  Does that make it a DCVPN?

 

 - Larry

 

From: Xuxiaohu <xuxiaohu@huawei.com>
Date: Thursday, August 14, 2014 7:52 PM
To: Larry Kreeger <kreeger@cisco.com>, Benson Schliesser <bensons@queuefull.net>, Linda Dunbar <linda.dunbar@huawei.com>
Cc: "nvo3@ietf.org" <nvo3@ietf.org>
Subject: Re: [nvo3] Fwd: DRAFT Charter Update for Discussion

 

Hi Larry,

 

The term VPN is a generic term which could be interpreted as IPsec VPN, SSL
VPN and MPLS-based VPN etc. If some people have a mistaken perception of the
term VPN, their mistaken perception should be corrected.

 

Best regards,

Xiaohu

 

From: Larry Kreeger (kreeger) [mailto:kreeger@cisco.com] 
Sent: Friday, August 15, 2014 10:08 AM
To: Xuxiaohu; Benson Schliesser; Linda Dunbar
Cc: nvo3@ietf.org
Subject: Re: [nvo3] Fwd: DRAFT Charter Update for Discussion

 

Hi Xiaohu,

 

In practice, there really isn't much difference in the services of a VN vs a
VPN.  My concern is just the perception of what the term VPN already means
in the industry.  I don't think we want people to have preconceived notions
about what a DCVPN is, e.g. an MPLS VPN running within a DC.

 

 - Larry

 

From: Xuxiaohu <xuxiaohu@huawei.com>
Date: Thursday, August 14, 2014 6:21 PM
To: Larry Kreeger <kreeger@cisco.com>, Benson Schliesser <bensons@queuefull.net>, Linda Dunbar <linda.dunbar@huawei.com>
Cc: "nvo3@ietf.org" <nvo3@ietf.org>
Subject: RE: [nvo3] Fwd: DRAFT Charter Update for Discussion

 

Hi Larry,

 

Could you please explain to us what's the real difference between VPN and
VN? 

 

Best regards,

Xiaohu

 

From: nvo3 [mailto:nvo3-bounces@ietf.org] On Behalf Of Larry Kreeger
(kreeger)
Sent: Friday, August 15, 2014 6:24 AM
To: Benson Schliesser; Linda Dunbar
Cc: nvo3@ietf.org
Subject: Re: [nvo3] Fwd: DRAFT Charter Update for Discussion

 

Hi Benson,

 

What you say below seems important enough to articulate in the charter.
Namely, that NVO3 is not tasked with developing DCVPN solutions based on BGP
and MPLS, which will be handled by a different WG.

 

I'm wondering if the term "DCVPN" is confusing enough to not use it.  I know
it was in the original NVO3 charter, but I always felt it was there to keep
the door open for L2VPN/L3VPN based solutions.  I don't believe we use
"DCVPN" very much in the current WG documents.  We mainly use the term
Virtual Network (VN).  Should we use VN in the charter instead?

 

Thanks, Larry

 

From: Benson Schliesser <bensons@queuefull.net>
Date: Thursday, August 14, 2014 10:57 AM
To: Linda Dunbar <linda.dunbar@huawei.com>
Cc: "nvo3@ietf.org" <nvo3@ietf.org>
Subject: Re: [nvo3] Fwd: DRAFT Charter Update for Discussion

 

Hi, Linda.

 

On Wed, Aug 13, 2014 at 4:39 PM, Linda Dunbar <linda.dunbar@huawei.com> wrote:

The proposed charter is so general that there is not much to pick on. Yes,
you have done a great job drafting it.

 

I'm not sure if you're serious, or teasing me / being sarcastic, but either
way I guess it puts a smile on my face. ;)

 

 So the NVO3 is now DCVPN? Since the underlay is IP, will it become another
L3VPN?

 

Somebody else asked me a similar question privately, so I want to make sure
it's clear...

 

The term "NVO3" refers to a working group. The term "DCVPN" refers to the
category of solutions for providing multi-tenancy, etc in a DC environment.
There are possibly many technical approaches to designing a DCVPN. Some of
those approaches might be based on protocols like BGP, MPLS, etc, which are
developed in other WGs. As proposed in the new charter, NVO3 does not own
the scope / charter for all work on DCVPNs. Rather, the proposed NVO3
charter is meant to narrow our focus to a specific type of DCVPN:
overlay-based with a logically centralized control plane.

 

That being said, is that not clear from the text that we proposed? Is there
some specific way that it could be improved?

 

Cheers,

-Benson